VYPR
Get started
← All advisories
Medium severity4.8NVD Advisory· Published Aug 8, 2017· Updated May 13, 2026

CVE-2017-10149

CVE-2017-10149

Description

Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).

Affected products

9
  • Oracle Corporation/Primavera Unifierv5
    Range: 9.13
  • Oracle Corporation/Primavera Unifier8 versions
    cpe:2.3:a:oracle:primavera_unifier:9.13:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:oracle:primavera_unifier:9.13:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:primavera_unifier:9.14:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:primavera_unifier:10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:primavera_unifier:10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:primavera_unifier:15.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:primavera_unifier:15.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.